History log of /freebsd-head/contrib/ipfilter/ip_fil.c
Revision Date Author Comments
b523d380610f1a2f29f59d8d747fdc270fc00b2b 03-Feb-2019 cy <cy@FreeBSD.org> ipfilter #ifdef cleanup.

Remove #ifdefs for ancient and irrelevant operating systems from

When ipfilter was written the UNIX and UNIX-like systems in use
were diverse and plentiful. IRIX, Tru64 (OSF/1) don't exist any
more. OpenBSD removed ipfilter shortly after the first time the
ipfilter license terms changed in the early 2000's. ipfilter on AIX,
HP/UX, and Linux never really caught on. Removal of code for operating
systems that ipfilter will never run on again will simplify the code
making it easier to fix bugs, complete partially implemented features,
and extend ipfilter.

Unsupported previous version FreeBSD code and some older NetBSD code
has also been removed.

What remains is supported FreeBSD, NetBSD, and illumos. FreeBSD and
NetBSD have collaborated exchanging patches, while illumos has expressed
willingness to have their ipfilter updated to 5.1.2, provided their
zone-specific updates to their ipfilter are merged (which are of interest
to FreeBSD to allow control of ipfilters in jails from the global zone).

Reviewed by: glebius@
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D19006
d07109aadcb56c6aabc5f578146cd9806170bdeb 04-Dec-2018 cy <cy@FreeBSD.org> As part of the general cleanup of the ipfilter code, special cases
are committed separately to document fixing them separately from
the general cleanup. In this case we don't want to hide the utter
brokenness of what is being fixed.

Clean up a discombobulated block of #if's, with one block unreachable.
ip_fil.c is used in ipftest which is used to dry-run test ipfilter
rules in userspace without loading them in the kernel. The call to
(*ifp->if_output) matches that in the FreeBSD kernel.

Further testing and work will be required to make ipftest fully

MFC after: 1 week
8ddae1aa967a1cbf7b4b0dd8267fb58832a48b50 16-Mar-2017 cy <cy@FreeBSD.org> calloc() and realloc() modernization.

This commit replaces calloc calls, which called calloc() as if it were
malloc() by allocating a multiple of objects as a sizeof multiplied by
the number of objects. The patch rectifies this by calling calloc() as
it was meant to be called.

This commit also replaces realloc() with reallocarray() in a similar
fashion as above. Instead of calculating the memory to be reallocated
(changed) by multiplying sizeof by the number of objects, the sizeof
and number are passed as separate arguments to reallocarray(), letting
reallocarray() do the multiplication instead. Like the calloc()
adjustment above, this approach is cleaner and more elegant than
the previous code.

This has been tested on my production firewall and a laptop (also
running ipfilter).

Submitted by: pfg
MFC after: 6 weeks
00d578928eca75be320b36d37543a7e2a4f9fbdb 27-May-2016 grehan <grehan@FreeBSD.org> Create branch for bhyve graphics import.
e1dd16d965b177f109afb771e59432e36f335d0a 05-Oct-2015 ngie <ngie@FreeBSD.org> Revert r288682

I meant to do this on ^/user/ngie/more-tests

Pointyhat to: ngie (use svn info next time...)
115d008392113efc6f844baa7cc407e9eaae63db 05-Oct-2015 ngie <ngie@FreeBSD.org> Remove some paths preparing for a re-copy from head
896e3f467bb1988d34b0711c1ccc64990fab0ce7 19-Feb-2015 glebius <glebius@FreeBSD.org> The ipftest(1) is a program that emulates ipf(4) operation and tests packets
against rules. It definitely doesn't need to know about kernel internals,
such as 'struct ifaddr'. What it does with ifaddr, is that it only takes
ifa_addr member of it, and treats it as sockaddr, while it is only a pointer
to sockaddr. Fortunately, sizeof(struct ifaddr) > sizeof(struct sockaddr_in6),
so no problems arise.

Fix that by declaring a private struct ifaddr in ipftest(1) and stop including

Sponsored by: Netflix
Sponsored by: Nginx, Inc.
eb1a5f8de9f7ea602c373a710f531abbf81141c4 21-Feb-2014 gjb <gjb@FreeBSD.org> Move ^/user/gjb/hacking/release-embedded up one directory, and remove
^/user/gjb/hacking since this is likely to be merged to head/ soon.

Sponsored by: The FreeBSD Foundation
6b01bbf146ab195243a8e7d43bb11f8835c76af8 27-Dec-2013 gjb <gjb@FreeBSD.org> Copy head@r259933 -> user/gjb/hacking/release-embedded for initial
inclusion of (at least) arm builds with the release.

Sponsored by: The FreeBSD Foundation
b3f0452e3485d31d295010234a8951b1129a6f0b 21-Sep-2013 cy <cy@FreeBSD.org> Check return code from inet_pton.

Discovered by: Coverity.
Approved by: glebius (mentor)
Approved by: re (blanket)
672af8808c0e7c15f330b401482f9271c2eb3fa6 19-Jul-2013 cy <cy@FreeBSD.org> As per the developers handbook (5.3.1 step 1), prepare the vendor trees for
import of new ipfilter vendor sources by flattening them.

To keep the tags consistent with dist, the tags are also flattened.

Approved by: glebius (Mentor)
09f9c897d33c41618ada06fbbcf1a9b3812dee53 19-Oct-2010 jamie <jamie@FreeBSD.org> A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.
f1216d1f0ade038907195fc114b7e630623b402c 19-Mar-2010 delphij <delphij@FreeBSD.org> Create a custom branch where I will be able to do the merge.
19b6af98ec71398e77874582eb84ec5310c7156f 22-Nov-2008 dfr <dfr@FreeBSD.org> Clone Kip's Xen on stable/6 tree so that I can work on improving FreeBSD/amd64
performance in Xen's HVM mode.
cf5320822f93810742e3d4a1ac8202db8482e633 19-Oct-2008 lulf <lulf@FreeBSD.org> - Import the HEAD csup code which is the basis for the cvsmode work.
21efffe9d50b01ea6aa5a957c76b82b6809fe518 04-Aug-2008 mlaier <mlaier@FreeBSD.org> Fix build when WITHOUT_DYNAMICROOT is specified in src.conf(5).
49ad2adb91673def2dfa0f293612e2de5e3a29af 24-Jul-2008 darrenr <darrenr@FreeBSD.org> 2020447 IPFilter's NAT can undo name server random port selection

Approved by: darrenr
MFC after: 1 week
Security: CERT VU#521769
b6b47f0bf017ea9acdb6e5e144ba9d79c7379034 18-Nov-2007 darrenr <darrenr@FreeBSD.org> MFC IPFilter update from 4.1.13 to 4.1.28, including additional fixes applied
post 4.1.28 for FreeBSD. See src/contrib/ipfilter/HISTORY for more details
of the bugs fixed, etc.
eae2976c19713d72ec10ebb670daf61d4ecb7b1a 31-Oct-2007 darrenr <darrenr@FreeBSD.org> MFC the following:
Apply a few changes from ipfilter-current:
* Do not hold any locks over calls to copyin/copyout.
* Clean up some #ifdefs
* fix a possible mbuf leak when NAT fails on policy routed packets

PR: 117216
Approved by: re
fd172ed3272b523c5499832d7098b6766bac7e4f 18-Oct-2007 darrenr <darrenr@FreeBSD.org> Pullup IPFilter 4.1.28 from the vendor branch into HEAD.

MFC after: 7 days
71e82d94e82560b20789833f60056506de34de8b 18-Oct-2007 darrenr <darrenr@FreeBSD.org> Import IPFilter 4.1.28
a33069b5324be7fb6d5c0a0d785bb0e10eb0aa36 04-Jun-2007 darrenr <darrenr@FreeBSD.org> Merge IPFilter 4.1.23 back to HEAD
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
e2e28d4361fc9bdb67694eedaf349bdc7ca088a3 04-Jun-2007 darrenr <darrenr@FreeBSD.org> Import IPFilter 4.1.23 to vendor branch.
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
f3324cfdfc3d7c48e7f77e4ec0bde88797769424 24-Aug-2006 guido <guido@FreeBSD.org> MFC: ipfilter 4.1.13
e49049679f4ee5ce6bb9214122154c529a811b5e 16-Aug-2006 guido <guido@FreeBSD.org> Resolve conflicts

MFC after: 1 weeks
092f5d1218f4867a87b382d75613b9d2b3e56c18 16-Aug-2006 guido <guido@FreeBSD.org> Import IP Filter 4.1.13
c7e59108a809522772558d4296eb75a9e3dd5c05 26-Apr-2005 darrenr <darrenr@FreeBSD.org> Fix include directives that were missing the netinet include directory, where
the ipl.h file is found. Also add back in ip_fil.c, which somehow went missing
in action.
b8892e0b0c21a7cf39b7b7abaaa0f1a85028288f 26-Apr-2005 darrenr <darrenr@FreeBSD.org> Missing file from vendor branch import.
d438802dcb3e270d6fcc65f075c808c64853a7c2 25-Apr-2005 darrenr <darrenr@FreeBSD.org> import ipfilter 4.1.8 into the vendor branch
590450fec65a8e72a8965117398bc8f14938b4a8 21-Jun-2004 darrenr <darrenr@FreeBSD.org> Import ipfilter 3.4.35 onto vendor branch
bb1b56a0d0298883a2ab7c9a86a66dedb7a42c0b 15-Feb-2003 darrenr <darrenr@FreeBSD.org> Import userland tools for IPFilter 3.4.31 into -current
3aab5fb9fd5d3200009207f552a48b8100b853b2 28-Aug-2002 darrenr <darrenr@FreeBSD.org> With a bit of luck, this will be a first-time right import of ipfilter 3.4.29
on to the vendor branch.
18c772ae03d7e1f977314e90bd189cc5bd011d58 07-Jun-2002 darrenr <darrenr@FreeBSD.org> Import IPFilter 3.4.28
49c8a23224d88e6d6d3be39c5024f4a7ba105108 25-Apr-2002 darrenr <darrenr@FreeBSD.org> Import IPFilter 3.4.26
5df96985515dd8f51d4209b69c12cbab7c289fd0 19-Mar-2002 darrenr <darrenr@FreeBSD.org> Import IPFilter 3.4.25
c51cd1facc817411a340278e6e0b901d53f11cc5 28-Jul-2001 darrenr <darrenr@FreeBSD.org> Import IPFilter version 3.4.20
227ce6056bd3de96b51fd863a66296fc54c951b4 18-Jun-2001 ru <ru@FreeBSD.org> Removed duplicate copies of files already present in sys/contrib/ipfilter.

Not objected to by: -arch
7595d5ffce4a14f32ac605d21cbd61fbe85057e2 26-Oct-2000 darrenr <darrenr@FreeBSD.org> Import IP Filter 3.4.12
54a215376523c9828e0092de33f29614fca24281 13-Aug-2000 darrenr <darrenr@FreeBSD.org> Import base ipfilter 3.4.9 into contrib dir.
90778a716059d6db7810bad8d8a4e1b787dc4a06 19-Jul-2000 darrenr <darrenr@FreeBSD.org> Import v3.4.8 into -current
dda6755c7b3b3b5d3e9111b7d0c39a7d8b5f3e12 24-May-2000 darrenr <darrenr@FreeBSD.org> Import IP Filter 3.4.4 into FreeBSD-current
b42951578188c5aab5c9f8cbcde4a743f8092cdc 02-Apr-2000 cvs2svn <cvs2svn@FreeBSD.org> This commit was manufactured by cvs2svn to create branch 'ALSA'.
1fa4f6782a7e92a232e56892d8bce7920d49292e 09-Feb-2000 guido <guido@FreeBSD.org> Import of ipfilter 3.3.8

Approved by: jkh
c3aa6ac872203077a6f4cd5b2ff64081364914b9 13-Jan-2000 guido <guido@FreeBSD.org> Import of ipfilter 3.3.6 (freebsd relevant part)

Obtained from: ftp://coombs.anu.edu.au/pub/net/firewall/ip-filter/ip_fil3.3.6.tar.gz
0539756f3d2277bd1ecc19afb014c074426e2f35 08-Nov-1999 guido <guido@FreeBSD.org> Import of ipfilter 3.3.3 in anticipation of its revival.
More to come in the next days.
9529c38ad8859b9f325867d97f266101f2c4dca3 20-Jun-1998 peter <peter@FreeBSD.org> Import trimmed version of ipfilter 3.2.7.

Obtained from: Darren Reed via http://cheops.anu.edu.au/~avalon/
58e3555d887b6a5b1f460d8ee84ca4e97c0a8217 21-Mar-1998 peter <peter@FreeBSD.org> Import ipfilter 3.2.3
0506343883d62f6649f7bbaf1a436133cef6261d 11-Jan-1998 cvs2svn <cvs2svn@FreeBSD.org> This commit was manufactured by cvs2svn to create branch 'jb'.
7c6e96080c4fb49bf912942804477d202a53396c 10-Jan-1998 cvs2svn <cvs2svn@FreeBSD.org> This commit was manufactured by cvs2svn to create branch 'JB'.
594e73c3109178aa1c5317785aaa284a0c135ff4 16-Nov-1997 peter <peter@FreeBSD.org> Import ipfilter 3.2.1 (update from 3.1.8)
e0610b5498ab54082ddadbfebd47280245e3e0f8 25-May-1997 darrenr <darrenr@FreeBSD.org> Import version 3.2alpha7
d25503500842fdd0550710a7afb953d1b8f20f00 03-Apr-1997 darrenr <darrenr@FreeBSD.org> Import IP Filter version 3.2alpha4 to bring in working LKM for 2.2
2d94e888ee6d73e6d599e49598a12d8da9f74f69 02-Mar-1997 peter <peter@FreeBSD.org> reimport ipfilter v3.1.8 to get it onto the vendor branch again.
cb8d46a179f2d30ac1cd0a01eb156e1a4c08d717 09-Feb-1997 darrenr <darrenr@FreeBSD.org> Import IP Filter v3.1.7 into FreeBSD tree